On Sun, 2007-07-22 at 16:12 -0500, Gregory P. Ennis wrote:
> On Sun, 2007-07-22 at 22:21 +0200, Ralph Angenendt wrote:
> > Gregory P. Ennis wrote:
> > > [Sun Jul 22 13:04:32 2007] [warn] RSA server certificate CommonName (CN)
> > > `localhost.localdomain' does NOT match server name!?
> > > [Sun Jul 22 13:04:32 2007] [error] Unable to configure RSA server
> > > private key
> > > [Sun Jul 22 13:04:32 2007] [error] SSL Library Error: 185073780
> > > error:0B080074:x509 certificate routines:X509_check_private_key:key
> > > values mismatch
> > >
> > > The ssl errors were present on the old system so I was not too worried
> > > about those.
> >
> > Your ServerName isn't the same as the one which is present in the
> > certificate. SSL does not really like that. And it is good to be
> > stricter about that.
> >
> > > I turned off selinux without a change in symptoms.
> >
> > Yes, as that error clearly hasn't anything to do with SELinux.
> >
> > > Anyone's ideas would sure be appreciated !!!
> >
> > As that seems to be a self-signed certificate: Create a new one with the
> > server's fqdn in the Common Name field (www.example.com, for example).
> >
> > tinyca2 (which is available from the rpmforge repository) makes creation
> > of new certificates really easy.
> >
> > Also the "HOWTO" section on
> > <http://www.modssl.org/docs/2.8/ssl_howto.html> has some information.
> >
> > Cheers,
> >
> > Ralph
>
> Ralph,
>
> Thanks for the suggestion to use tinyca2.... great utility!!!!! The
> link was also excellent.
>
> Unfortunately, I am going to give up on a fix for the failure of httpd
> and do a repeat install. This is my 4th install of CentOS 5.0 and
> everything has worked perfectly before. I am sure it must be related to
> something I have done during my configuration setup, but I can not find
> the error for now.
>
> Back to the Salt mines!!!
>
> Greg
>
I wanted to submit a follow up note to this thread. It turned out that
Ralph's suggestion provided the solution.

I did a repeat installation, checked httpd at the beginning of the
installation and it worked fine. After the updates and after some setup
changes I made, httpd failed again in the same manner as before.

I finally created my own certificates (httpd) with make-dummy-cert and
modified /etc/httpd/conf.d/ssl.conf with the following additions:

    SSLCertificateFile /etc/pki/tls/certs/httpd.crt
    SSLCertificateKeyFile /etc/pki/tls/private/httpd.pem
    SSLCertificateChainFile /etc/pki/tls/certs/httpd-chain.crt
    SSLCACertificateFile /etc/pki/tls/certs/httpd-bundle.crt

The httpd-bundle had to be created with a script:

    # $1 is the certificate file; the bundle is written to $1.crt
    OUTPUT="$1.crt"
    echo "Creating : $OUTPUT"
    openssl x509 -in "$1" -noout -text > "$OUTPUT"
    cat "$1" >> "$OUTPUT"

httpd is working perfectly now. I am still not sure why httpd worked on
other installations I have done without this, but as Ralph mentioned the
certs really needed to be updated anyway.

Greg
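
Added example, not part of the original messages: a pre-flight check for the two log messages quoted in this thread, run against the certificate and key files before restarting httpd. The function names are hypothetical, the files are assumed to be PEM with an unencrypted private key, and the CN test is a plain string comparison.

```shell
#!/bin/sh
# Added example: pre-flight check for the two mod_ssl log messages in this thread.
# Function names are hypothetical. Assumes PEM files and an unencrypted private key.

# Exit 0 if the certificate carries the public half of the private key,
# 1 on a mismatch ("key values mismatch"), 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Print the certificate's subject CommonName.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= //p'
}

# Exit 0 if the CN equals the given ServerName (plain string comparison,
# a simplification: no wildcard or subjectAltName handling).
cn_matches_server() {
    cn=$(cert_cn "$1")
    [ -n "$cn" ] && [ "$cn" = "$2" ]
}

# usage: preflight CERT KEY SERVERNAME
preflight() {
    rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK:   $2 is the private key for $1" ;;
        1) echo "FAIL: $2 is not the private key for $1"; return 1 ;;
        *) echo "FAIL: cannot parse $1 or $2"; return 2 ;;
    esac
    if cn_matches_server "$1" "$3"; then
        echo "OK:   CN matches ServerName $3"
    else
        echo "WARN: CN '$(cert_cn "$1")' does not match ServerName '$3'"
    fi
    return 0
}

# Run only when called with arguments, e.g.:
#   sh preflight.sh /etc/pki/tls/certs/httpd.crt /etc/pki/tls/private/httpd.pem www.example.com
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

A key mismatch returns non-zero because it is the condition logged at [error] level above; a CN mismatch only prints a warning, matching the [warn] level of that message.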